One of the most time-consuming jobs that IT professionals come up against is Patch Management. Patch Management is the process of applying the updates that your IT systems require to keep them current, secure, and obviously up to date! Without Patch Management you can become vulnerable to hacks, network problems and data loss, so it is incredibly important to make sure that patch management is a priority for your IT team. Yet because of its very repetitive nature and the potential for business impact, it can be seen as overly complex and avoided as a result.
Here are our top 5 tips for Patch Management.
- The KISS Principle (Keep it Simple Stupid)
In the beginning, patching was complex and prone to causing serious impact due to incompatibilities, since many vendors never expected anything to ever get patched. Things have changed now, and even Gartner are saying that patching ‘should just work’, so do not overcomplicate things. This is not to say that testing is pointless, just that you should find the balance between proving the safety of patch content and keeping the process simple enough that your organisation can allocate the time to maintain it effectively, while patching within a reasonable timeframe.
- Ownership Matters
Keeping up to date with your patches is essential for the security of your business. With more remote working now taking place, it is essential that the security of your work systems is up to date. Yet we often see that responsibility for patching gets spread across a team with no one truly owning it. A single point of failure is not a good thing, but the ‘buck’ must stop somewhere. In truth, if patching is everyone’s responsibility, it ends up being no one’s responsibility.
- Microsoft is Not the Only Vendor
While Microsoft is still the dominant force, relying on Microsoft-only patching is like barricading your front door to feel safe but ignoring all the other entrances to your house. It may surprise you just how many other vendors exist out there on your systems (or even under them, think VM Hosts). You don’t have to replace Microsoft patching tools such as WSUS. You can extend their content with tools such as Ivanti Patch for SCCM, or use another tool to cover third-party patching and leave the rest to Microsoft.
- In 2021, Remote Means Remote
You probably don’t need it pointed out that we recently had a lot of people start working remotely. Perhaps your patching systems can handle this, but it is likely that for many, the patch content is being delivered down already overloaded VPN links. In some cases, we are seeing no patching happening at all because the process still relies on the device being connected to the corporate network. We have seen a huge increase in interest in technologies like Ivanti Security Controls (ISEC) because of how fast it can be up and running, its ability to handle virtual as well as physical devices, and critically its built-in Cloud capabilities, meaning that wherever the device is, it will still be scanned and patched. So, consider whether your current patching solution is fit for the remote working world.
- Health Check
This is something that really supports the other 4 points but is important by itself. Take the time (or allow someone like us) to review what you have in place today, how it is configured, what your process is, and consider whether it is fit for purpose today and in the future. While Gartner may be of the mindset that patching these days should just work, there are still plenty of things that may be preventing the smooth delivery of this important business continuity/security practice.
Finally, if you take anything away from this blog, it should be that patch management is a continuing process. It’s integral to the functionality, security, and durability of your work systems, so although those little ‘update now’ boxes can be a nuisance, they are part of a bigger picture and should not be ignored. So, make sure you take some time to either update them yourself or give someone like us a call to make the changes for you.